Write two pages about each of the following list (Open-source Risk Management tools) • OSMR • MARCO • CORAS Risk Assessment Platform • ISO 17799 Risk Assessment Toolkit • Easy….
Water and Wastewater System
- Offer your opinion as to the two critical infrastructure sectors you feel are currently most at risk. Offer sound reasoning as to why you hold this position (support your position with appropriate resource material), and highlight the role the private sector can play in decreasing this risk.
The two sectors that I feel are most at risk is based off of their dependency on each other and the dependency that our society has placed on them to function on a day to day basis. In turn, at least in my opinion, it makes them a high value target to anyone trying to cause harm to the nation. Not to mention the ease of being able to attack these sectors and actually get away with it. These two sectors are the Energy Sector and Information Technology Sector. Let me first say that in regards to being able to successfully attack either one of these sectors on a national level, I believe is impossible, meaning that I believe that it is impossible to disable either of these sectors completely on a national level. However, regionally, it is absolutely possible and such an attack can cause cascading effects that can potentially impact the nation.
First lets talk about the Energy Sector. I think that anyone can understand what this sector is responsible for producing for the nation, energy. It powers everything in the modern world and although humans have survived without energy in the past, quite frankly in the modern world I do not know if it is possible. Our society has created such a dependency on this resource that if it were to disappear our society would diminish rapidly. The Department of Homeland Security (DHS) states that there is a reliance of all critical infrastructure (CI) sectors on the Energy Sector (n.d., par 3). However, because of circumstance this sector is extremely vulnerable.
The vast expanse of the nation creates unique vulnerabilities for this sector that is hard to defeat or even mitigate. For example, power lines. Without these power lines the massive amounts of energy that is created to run our society would not be able to reach where it needs to go. Anybody can drive down the road and see power lines everywhere, including in places where there is no civilization. This is where the vulnerabilities lie. These power lines and towers that carry these power lines are not protected. Of course this is explainable considering the amount of money it would take to be able to secure these towers and power lines, something the private sector is not willing to do, considering their intent is to gain money.
It is easy to see how an individual can carry out a successful attack on one of these towers and knock out power to a particular region for days if not weeks depending on the location of the tower. Now if it were a coordinated attack that knocked out multiple towers, then multiply the consequence. I am not even getting into the realm of natural disasters and the capabilities of the natural world to accomplish the same end state. This is all apparent in the Energy Sector Specific Plan (SSP) where the DHS states the top identified threats to this sector are cyber and physical security threats and natural disasters (2015, p 5). Which brings us to our next sector, Information Technology.
The Information Technology (IT) Sector provides valuable resources to the nation and other critical infrastructure components such as virtual functions like hardware and software for computers and the most important thing to all humanity, the internet. In the world were interconnectedness is increasing and IT continues to control more and more of our networks it is becoming increasingly imperative that we protect this resource. However, that is not as easily done as said. The virtual world that is created by this asset is also a world that is easy for criminals to live in and be invisible.
This sector is not only vulnerable to criminal and terrorist organizations that can implement denial of service (DoS) to important infrastructure entities, but the IT sectors dependency on energy to continue operations also makes it vulnerable to natural disasters that can knock out operating systems and energy sources. The DHS IT SSP highlights the daily threats to this sector when it states that although the sector provides valuable resources that increase efficiency within a sector, they face a plethora of global man made and natural threats daily (2016, p 1). As already stated this makes it imperative for the private sector to implement security measures to ensure continuity of operations.
How does the private sector do this? Simple. Through coordination and collaborative efforts with the federal government to ensure the exchanging of valuable information. This can be accomplished through the Sector Coordinating Council (SCC) and the Government Coordinating Council (GCC) which help to focus building security and resiliency based off of the recommendations given through the National Infrastructure Protection Plan (NIPP). Although the driving force behind the private sector is and will always be money, realizing that an investment in resiliency will help sustain these sectors and the nation.